Vulnerability Name:

CVE-2008-5363 (CCN-47245)

Assigned:2008-11-17
Published:2008-11-17
Updated:2018-11-02
Summary:The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-5363

Source: CCN
Type: RHSA-2008-0945
Important: flash-plugin security update

Source: CCN
Type: RHSA-2008-0980
Important: flash-plugin security update

Source: SECUNIA
Type: Third Party Advisory
33390

Source: SECUNIA
Type: Third Party Advisory
34226

Source: GENTOO
Type: Third Party Advisory
GLSA-200903-23

Source: SREASON
Type: Third Party Advisory
4692

Source: SUNALERT
Type: Broken Link
248586

Source: CCN
Type: Sun Alert ID: 248586
Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

Source: CCN
Type: ASA-2009-020
Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris (Sun 248586)

Source: CCN
Type: NORTEL BULLETIN ID: 2009009312, Rev 1
Nortel Response to Sun Alert 248586 - Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris

Source: CCN
Type: Adobe Product Security Bulletin APSB08-22
Additional disclosure of security vulnerabilities fixed in Flash Player 10.0.12.36 and Flash Player 9.0.151.0

Source: MISC
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb08-22.html

Source: CCN
Type: GLSA-200903-23
Adobe Flash Player: Multiple vulnerabilities

Source: MISC
Type: Third Party Advisory
http://www.isecpartners.com/advisories/2008-01-flash.txt

Source: CCN
Type: OSVDB ID: 53097
Adobe Multiple Product ActionScript 2 VM Dictionary Data Structure Character Element Handling DoS

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20081122 Adobe Flash Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
air-flashplayer-actionscript-dos(47245)

Source: CCN
Type: iSEC Partners Security Advisory - 2008-01-flash
Adobe Flash Multiple Vulnerabilities

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version < 1.5)
  • OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 9.0.16.0 and < 9.0.151.0)
  • OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 10 and < 10.0.12.36)

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:air:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.28.0::mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.16::windows:*:*:*:*:*
  • OR cpe:/a:adobe:air:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:air:1.01:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_88::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_102::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_102::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_101::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_101::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_103::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_103::x86:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:22730
    P
    		ELSA-2008:0945: flash-plugin security update (Critical)
    2014-05-26
    oval:com.redhat.rhsa:def:20080945
    P
    		RHSA-2008:0945: flash-plugin security update (Critical)
    2008-11-18
    BACK
    adobe air *
    adobe flash player *
    adobe flash player *
    adobe flash player 9.0.31
    adobe flash player 9.0.45.0
    adobe flash player 9.0.47.0
    adobe flash player 9.0.48.0
    adobe flash player 9.0.115.0
    adobe flash player 9.0.16
    adobe flash player 9.0.18d60
    adobe flash player 9.0.20.0
    adobe flash player 9.0.28.0
    adobe air 1.0
    adobe flash player 9.0.114.0
    adobe flash player 9.0.124.0
    adobe flash player 9.0.112.0
    adobe flash player 10.0.12.10
    adobe flash player 9.0.28.0
    adobe flash player 9.0.16
    adobe air 1.1
    adobe air 1.01
    adobe flash player 10.0.0.584
    adobe flash player 9.125.0
    gentoo linux *
    sun solaris 10
    sun solaris 10
    redhat rhel extras 3
    redhat rhel extras 4
    sun opensolaris build_snv_89
    sun opensolaris build_snv_89
    sun opensolaris build_snv_95
    sun opensolaris build_snv_95
    sun opensolaris build_snv_88
    sun opensolaris build_snv_88
    sun opensolaris build_snv_87
    sun opensolaris build_snv_86
    sun opensolaris build_snv_86
    sun opensolaris build_snv_87
    sun opensolaris build_snv_100
    sun opensolaris build_snv_100
    sun opensolaris build_snv_102
    sun opensolaris build_snv_102
    sun opensolaris build_snv_91
    sun opensolaris build_snv_91
    sun opensolaris build_snv_90
    sun opensolaris build_snv_90
    sun opensolaris build_snv_101
    sun opensolaris build_snv_101
    sun opensolaris build_snv_92
    sun opensolaris build_snv_93
    sun opensolaris build_snv_94
    sun opensolaris build_snv_99
    sun opensolaris build_snv_98
    sun opensolaris build_snv_97
    sun opensolaris build_snv_96
    sun opensolaris build_snv_94
    sun opensolaris build_snv_93
    sun opensolaris build_snv_99
    sun opensolaris build_snv_97
    sun opensolaris build_snv_98
    sun opensolaris build_snv_96
    sun opensolaris build_snv_103
    sun opensolaris build_snv_103